
DoNotChange Ransomware

By GoldSparrow in Ransomware

The DoNotChange Ransomware is a ransomware Trojan designed to make victims' files inaccessible and then demand payment of a ransom. Once it has entered a computer, the DoNotChange Ransomware appends the file extension '.Do_not_change_the_file_name.cryp' to the end of each encrypted file's name. After encrypting the victim's files, it creates two text files on the victim's desktop. These files, named 'HOW TO DECODE FILES!!!.txt' and 'КАК РАСШИФРОВАТЬ ФАЙЛЫ!!!.txt,' contain the DoNotChange Ransomware's ransom note, which demands payment in exchange for the means to decrypt the affected files.

Any Changes to the Encrypted Files may Worsen the Situation

Victims of the DoNotChange Ransomware are told to pay a ransom of approximately $250 USD to recover their files. Computer users should not pay this ransom or contact the crooks. In many cases, the people responsible for attacks like the DoNotChange Ransomware will ignore the victims completely, or demand additional payments once the victim has been compromised. Unfortunately, it is not possible to recover the files that have been encrypted by the DoNotChange Ransomware, making it necessary for computer users to recover their files from a backup copy.

The DoNotChange Ransomware has been released in two different versions, which use different file extensions to identify the files that have been encrypted. Like most ransomware Trojans, the DoNotChange Ransomware uses a combination of AES and RSA encryption to make the affected files completely inaccessible. The DoNotChange Ransomware will target all files on the infected hard drive, as well as on removable memory devices linked to the victim's computer, and any network shared drives. It specifically targets files with the following extensions:

.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, .DOC, .EPUB, .DOCX, .FB2, .FLV, .GIF, .GZ, .ISO, .IBOOKS, .JPEG, .JPG, .KEY, .MDB, .MD2, .MDF, .MHT, .MOBI, .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.

The Infection Method Used by the DoNotChange Ransomware

The most common way in which the DoNotChange Ransomware is delivered is through the use of corrupted email attachments, which download and install the DoNotChange Ransomware on the victim's computer. Fortunately, PC security analysts have released a decryptor that helps computer users recover their files after a DoNotChange Ransomware attack. The following is the English version of the DoNotChange Ransomware's ransom note, contained in the file 'HOW TO DECODE FILES!!!.txt':

'*******************************************************************************
ATTENTION!!! Changing the file name makes the restore process impossible!
*******************************************************************************
Your data is encrypted.
To receive a program of decoding, You need to pay ~ $ 250 and
You need to send the personal code:
7ES642406
To the email address tom.anderson@india.com, DE_CODER@mail2tor.com, scryptx@meta.ua, robert.swat@qip.ru
Then you will receive all the necessary instructions.
Attempts to decipher independently will not lead to anything, except irretrievable
loss of information.
We respond to all emails, if there is no answer within 10 hours, duplicate your
letter other email services.
If you did not receive the answer from the after-cited email for more than 48 hours (and only in this case!),
Download Tor Browser from here:
hxxps://www.torproject.org/download/download-easy.html.en
Install it and type the following address into the address bar:
hxxp://5akvz3kp6qbqmpoo.onion/
Thank you for your attention and have a good day.
*******************************************************************************
ATTENTION!!! Changing the file name makes the restore process impossible!'

The Russian-language version of the DoNotChange Ransomware's ransom demand is contained in a file named 'КАК РАСШИФРОВАТЬ ФАЙЛЫ!!!.txt', and, translated into English, reads as follows:

'*******************************************************************************
ATTENTION!!! Changing the file names makes the recovery process impossible!
*******************************************************************************
Your data is encoded.
To receive the decoding program you are required to pay ~$400; to do this
you need to send the code:-
To the email address tom.anderson@india.com,DE_CODER@mail2tor.com,scryptx@meta.ua
You will then receive all the necessary instructions.
Attempts to decrypt on your own will lead to nothing except irretrievable
loss of information.
If you do not drag things out yourself, in 1-2 hours you will be able to continue working as
if nothing had happened + you will get rid of the loopholes in the system and nobody will bother you again.
If you have not received a reply from us, try using public
mail services to get in touch: mail.ru, rambler.ru, etc.
We reply to all emails; if there is no reply within 10 hours, resend your
letter from other mail services.
Thank you for your attention and have a good day.
*******************************************************************************
ATTENTION!!! Changing the file names makes the recovery process impossible!
*******************************************************************************'
